Email and Protected Health Information

Business Email Compromise (BEC) is a type of attack on company email systems where the hacker’s goal is to gain access to an email system and search for data that can be used to commit fraud.

In the healthcare industry, fraudsters are committing BEC to steal protected health information (PHI). Why? Because PHI has many use cases unlike credit card and account data which is only useful until the victim cancels the credit cards and accounts. PHI such as a “Face Sheet” typically contains a treasure trove of information that can be used to commit medical services theft, Medicare/Medicaid fraud, fraudulent insurance billing, and income tax fraud to name a few.

Healthcare companies and their employees are required by HIPAA to protect PHI. You can do your part to protect PHI from BEC by taking the following actions:
• deleting emails containing PHI as soon as they are no longer necessary to retain,
• never sharing your password with anyone,
• changing your password regularly using strong passwords, and
• before clicking any link – STOP. LOOK. THINK.